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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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1 )^ Responsive to communication(s) filed on 07 March 2008 . 
2a )□ This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Clalm(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) \Z\ Claim(s) is/are allowed. 

6) |EI Claim(s) 1-11 is/are rejected. 
/)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 
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9) 0 The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 12 July 2004 is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-11 have been examined. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 3/7/08 has been entered. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-8 are rejected under 35 U.S.C. 102(e) as being clearly anticipated by Lineman 
et al. U.S. Pat. No. 20030065942 (hereinafter Lineman). 

5 . As per claim 1 , Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means, constituted by a hard disk or Random Access 
Memory device, a central processor unit connected to said memory means, an input device. 
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constituted by a mouse or keyboard device, connected to said central processor unit, for the input 
of a piece of security information into said computer system (Lineman: [0032]: creating security 
policy document), an output device, constituted by a printer or display device, connected to said 
central processor unit for the output of security information (Lineman: figure 4A and 4B), a 
policy module communicating with said input device and said memory means for the conversion 
of said piece of security information into an information security object, said information 
security object stored in said memory means (Lineman: [0033]: create a security policy and 
represent the policy information in machine readable and human readable forms), and a survey 
module communicating with said memory means and said output means for generating from said 
information security object an element of a questionnaire to be output by means of said output 
device (Lineman: [0036]: quiz associated with security policy document and figure 2); wherein 
said modular content includes an object category, an object descriptor, an object content, a 
content category, and a target group (Lineman: [0044]: the policy wizard allows the 
administrator to draft questionnaires accordingly). 

6. As per claim 2, Lineman discloses the computer system according to claim 1 . Lineman 
further discloses the system comprising an educational module communicating with said 
memory means for receiving through said input device a set of answers to said questionnaire and 
for comparing said set of answers of said questionnaire with said information security objects for 
determining the correct and the incorrect answers, and generating, based on said incorrect 
answers, an educational program to be output by means of said output device (Lineman: [0075]: 
score the quizzes; [0082]: target the weakness that needs to be addressed). 
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7. As per claim 3, Lineman discloses the computer system according to claim 2. Lineman 
further discloses said set of answers being stored in said memory means (Lineman: [0075]: 
determine the score). 



8. As per claim 4, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said memory means being organized as a database (Lineman: 
[0052]). 



9. As per claim 5, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said computer system constituting a stand alone computer or 
alternatively a computer system including a network and a plurality of PC's each including an 
input device and an output device to be operated by a respective user (Lineman: [0026]: 
enterprise network). 



10. As per claim 6, Lineman discloses the computer system according to any of the claims 1- 

3. Lineman further discloses said central processor unit controls in said conversion of said piece 
of said security information into said information security object, said policy module to check in 
said memory means the possible presence of a corresponding security information object 
(Lineman: figure 2 and [0032]). 
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11. As per claim 7, Lineman discloses a method of providing security awareness in an 
organization, comprising receiving a piece of security information (Lineman: [0032] and figure 
2: receive user specified security policy information), modularizing said piece of security 
information to create an information security object (Lineman: [0034]: the security policy object 
is created to affect the entire network), storing said information security object in a memory 
means, said information security object being generated in a pohcy module (Lineman: [0032]), 
generating in a survey module an element of a questionnaire from said information security 
object and output said questionnaire including said element (Lineman: [0036]). 

12. As per claim 8, Lineman discloses the method according to claim 7. Lineman further 
discloses the method comprising the computer system according to any of the claims 1-3 
(Lineman: [0026] and [0031]). 

13. Claim 1 1 is rejected under 35 U.S.C. 102(e) as being anticipated by Townsend U.S. Pub. 
No. 20020188861 (hereinafter Townsend). 

14. As per claim 11, Townsend discloses a method of providing security awareness in an 
organization, comprising: receiving security information (Townsend: [0024]); modularizing the 
security information to create an information security object (Townsend: [0027]); assigning a 
security level value to said information security object; and compiling said information security 
object into a security policy including other information security objects having the same 
security level value (Townsend: [0027]); wherein said modular content includes an object 
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category, an object descriptor, an object content, a content category, and a target group 
(Townsend: [0024]: tailor the questionnaire accordingly). 

Claim Rejections - 35 USC § 103 

15. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

16. Claims 9 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lineman 
in view of Townsend. 

17. As per claim 9, Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means coupled to a central processing unit; an input 
device coupled to said central processor unit for receiving security information into said 
computer system; and output device coupled to said central processor unit for outputting security 
information; and an information security object stored in said memory means, said information 
security object including modular content derived from said security information and having a 
unique identifier, said unique identifier used to link said information security object to an 
organization and the policy document is created according the security level of the organization 
specified by administrator (Lineman: [0032]-[0033]: the security policy is converted into 
machine readable and human readable forms and is modularized to affect the enterprise network; 
[0044] and [0055]: the administrator selects categories to tailor a policy document suitable for 
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the organization and the policy includes identifier) wherein said modular content includes an 
object category, an object descriptor, an object content, a content category, and a target group 
(Lineman: [0044]: the policy wizard allows the administrator to draft questionnaires 
accordingly). Lineman does not explicitly disclose the policy information includes a security 
level indicating the level that matches a default security level of the organization. However, 
Townsend discloses creating a security model based on the security level of an organization and 
the security model includes a countermeasure and strength level (Townsend: [0010]). It would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
prompt the administrator to select the desired security protection and determine a security level 
of an organization, then creating a security object suitable for the organization based on the 
security level because both prior art are related to enterprise security awareness system. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Townsend within the system of Lineman 
because it provides reliable, repeatable, cost efficient, and consistent system for enterprise 
network (Townsend: [0009]). 

18. As per claim 10, Lineman as modified discloses the system of claim 9. Lineman as 
modified further discloses a survey module communicating with said memory means and said 
output means for generating from said information security object an element of a questionnaire 
to be output by means of said output device (Lineman: [0036]: quiz associated with security 
policy document and figure 2). 
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Response to Arguments 
19. Applicant's arguments filed on 3/7 /OS have been fiiUy considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant argues that the prior art of record does not 
disclose wherein said ISO contains content categorized as object category, object descriptor, 
object content, content category, and target group. However, Lineman and Townsend discloses 
the method of allowing administrators to tailor the questionnaire aimed at different target groups 
using different categories of data (Lineman: [0044]: the policy wizard allows the administrator to 
draft questionnaires accordingly; Townsend: [0024]: tailor the questionnaire accordingly). 
Therefore, applicant's argument is traversed. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/501 ,302 Page 9 

Art Unit: 2131 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 
Examiner 
Art Unit 2131 

SC 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



